I have written before about the "threats" of identity theft. Know-nothing politicians and bureaucrats often try to restrict access to public domain records and online databases with an excuse that restricting such access will somehow reduce identity theft. Sadly, genealogists suffer as a result. The same public domain records are often critical resources required to research one's family tree. Misguided legislation and procedures do nothing to stop identity theft but certainly do hinder genealogists.
A recent research report by Heith Copes of the University of Alabama at Birmingham and Lynne Vieraitis of the University of Texas at Austin has proven the point. The two examined identity thieves and their methods. Copes and Vieraitis searched federal court records in the US for people convicted of identity theft and then interviewed the thieves. They were able to find 297 inmates, from which they sampled 59 inmates in 14 prisons across the country. The convicts agreed to do detailed interviews, in private, to talk about themselves and their crimes. I would suggest the results should be studied by every politician and bureaucrat.
THe report shows that the identity thieves do not obtain their information from public records or from online databases. The most common method of obtaining information for identity theft is to was to buy it, often from employees of banks, mortgage companies, and government agencies. Identity information could also be bought off the street from petty criminals often fuelling drug habits. Other methods of obtaining IDs were robbing mailboxes and going through trashcans. Sometimes, victims willingly gave up their IDs in exchange for a portion of the fraud profits.
Of the many identity thieves interviewed, not one obtained the information from a public records office or vital records office or by hacking into an online database.
The authors wrote, "Despite public perceptions of identity theft being a high-tech, computer-driven crime, it is rather mundane and requires few technical skills. Identity thieves do not need to know how to hack into large, secure databases. They can simply dig through garbage or pay insiders for information. No particular group has a monopoly on the skills needed to be a capable identity thief."
You can read more at http://www.andrewpatrick.ca/security-and-privacy/id-theft-criminals.